Smart card
Definitions A smart card (also called a chip card, integrated circuit card or smart card) is Overview There are two broad categories of smart cards: * Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. * Microprocessor cards contain volatile memory and microprocessor components.Government Accountability Office, Personal ID Verification: Agencies Should Set a Higher Priority on Using the Capabilities of Standardized Identification Cards 1 n.2 (GAO-11-751) (Sept. 2011) (full-text). "Smartcards contain a processor capable of performing complex cryptographic operations and can be used to store credentials (e.g., digital certificates) that can be unlocked via a memorized secret token, such as a PIN."NISTIR 8080, at 16. Consumers purchase smart cards and load them with e-cash at a vending machine, bank, automated teller machine, personal computer (over the Internet), or through a specially equipped telephone. Once the e-cash is loaded on the card, the money can be spent over the Internet or through other communication devices. A smart card can also be used by inserting it into a compatible reader attached to a computer or network input device. Information from the card's chip is provided to the computer only when the user also enters a PIN, password, or biometric identifier recognized by the card. Thus, the user authenticates to the card, making available electronic credentials which can then be used by the computer or network to strongly authenticate the user for transactions. This method offers far greater security than the typical use of a PIN or password, because the shared secret is between the user and the card, not with a remote server or network device. Moreover, to impersonate the user requires possession of the card as well as knowledge of the shared secret that activates the electronic credentials on the card. Thus, proper security requires that the card and the PIN or password used to activate it be kept separate. This is not a concern if a biometric is used for the latter purpose. The unique advantage that smart cards have over traditional cards with simpler technologies, such as magnetic strips or bar codes, is that they can exchange data with other systems and process information, rather than simply serving as static data repositories. By securely exchanging information, a smart card can help authenticate the identity of the individual possessing the card in a far more rigorous way than is possible with traditional ID cards. A smart card’s processing power also allows it to exchange and update many other kinds of information with a variety of external systems, which can facilitate applications such as financial transactions or other services that involve electronic record-keeping. In addition to providing ways to enhance security of physical facilities, smart cards also can be used to significantly enhance the security of a computer systems by tightening controls over user access. Smart cards and biometrics Even stronger authentication can be achieved by using smart cards in conjunction with biometrics. Smart cards can be configured to store biometric information (such as fingerprints or iris scans) in an electronic record that can be retrieved and compared with an individual's live biometric scan as a means of verifying that person’s identity in a way that is difficult to circumvent. An information system requiring users to present a smart card, enter a password, and verify a biometric scan uses what is known as "three-factor authentication," which requires users to authenticate themselves by means of "something they possess" (the smart card), "something they know" (the password), and "something they are" (the biometric). Systems employing three-factor authentication provide a relatively high level of security. The combination of a smart card used with biometrics can provide equally strong authentication for controlling access to physical facilities. References See also * Chip card * Contact smart card * Contactless smart card * Dual-interface chip smart card * Government Smart Card Interagency Advisory Board * Hybrid smart card * Personalized smart card * Smart Card Alliance * Smart Card Interoperability Advisory Board * Smart card reader Category:Hardware Category:E-commerce Category:Definition Category:Security Category:Storage